Salmones Aysen Targeted by LockBit 3.0 Ransomware

Incident Date:

May 9, 2024

World map

Overview

Title

Salmones Aysen Targeted by LockBit 3.0 Ransomware

Victim

Salmones Aysen S.A.

Attacker

Lockbit3

Location

Puerto Montt, Chile

, Chile

First Reported

May 9, 2024

Ransomware Attack on Salmones Aysen by LockBit 3.0

Victim Profile

Salmones Aysen S.A. is a Chilean company specializing in the production and distribution of Coho Salmon. They are dedicated to delivering premium quality sustainable seafood with transparency and honesty. The company controls the entire production cycle, ensuring a sustainable and fully traceable product.

Company Size and Standout Features

Salmones Aysen S.A. has 426 employees and operates in Chile, Japan, and the USA. They stand out in the industry for their commitment to quality, sustainability, and traceability in Coho Salmon production. Their focus on Coho Salmon, known for its natural resistance to diseases, allows them to maintain high standards of quality and service.

Vulnerabilities and Ransomware Attack

Salmones Aysen was targeted by the LockBit 3.0 ransomware group, resulting in the encryption of files and the exfiltration of 180 GB of sensitive data. The leaked data included sales documents, contracts, client information, certificates, invoices, and personally identifiable information (PII). The attack highlights the vulnerability of the company's systems to sophisticated cyber threats.

LockBit 3.0 Ransomware Group

LockBit 3.0, also known as LockBit Black, is a Ransomware-as-a-Service (RaaS) group that has been actively recruiting affiliates and targeting businesses and critical infrastructure organizations. The ransomware encrypts files, modifies filenames, changes desktop wallpapers, and drops ransom notes. It is known for its advanced capabilities, including lateral movement through networks and covering its tracks to evade detection.

Sources:

Recent Ransomware Attacks

The Recent Ransomware Attacks (RRA) site acts as a watchtower, providing you with near real-time ransomware tracking of attacks, groups and their victims. Given threat actors’ overarching, lucrative success so far, ransomware attacks have become the most ubiquitous, and financially and informationally impactful cyber threat to businesses and organizations today.

The site’s data is generated based on hosting choices of real-world threat actors, and a handful of other trackers. While sanitization efforts have been taken, we cannot guarantee 100% accuracy of the data. Attack updates will be made as source data is reported by reputable sources. By viewing, accessing, or using RRA you acknowledge you are doing so at your own risk.